// you will be able to retrieve the ticket in all controllers by querying properties and looking for "Ticket"...
actionContext.Request.Properties.Add(new KeyValuePair<string, object>("Ticket", ticket));
base.OnAuthorization(actionContext);
}
}

Then Implement an AuthorizeAttribute in which you can retrieve the token that was sent in the Authorize header of the request, unprotect it and add it to the request properties that will then be available in all controllers' methods.

Then in your web methods, Request.Properties will contain Ticket, which itself has a dictionary with the UserID.

You need to register the AuthorizeAttribute in WebApiConfig.cs

config.Filters.Add(new AuthFilter());
// I also have this in my Web API config. Not sure if I had to add this manually or the default project had these lines already...
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));